"Livingston, John A" <john.a.livings...@boeing.com> writes:
> On Jun 6, 2012, at 4:59 PM, Russ Allbery wrote:
>> Can you try running sshd -d under valgrind and see if it can spot where
>> the memory corruption is happening?

> Below are two valgrind runs (without and with -v, depending on how much
> address spam you'd like to read) with password auth being attempted. In
> general kfree.c around line 400 seems fraught with danger.

Aha! Do you have the keytab PAM option set either in the PAM configuration or in krb5.conf?

MIT Kerberos appears to have a bug where krb5_verify_init_creds unconditionally frees the server krb5_principal argument even if it was passed in by the caller, resulting in a double-free in the pam-krb5 module when the keytab option is set. This bug appears to have been introduced in commit caf1fdd98690019d9ac9f56125f4916cfbdfd2d4 which was applied as a patch in the krb5 package in Debian even though that change wasn't in 1.10.1.

It looks like that bug isn't in any released version of Kerberos, but the Debian package will need a new release to fix it. I'll copy Sam so that he's aware and also file an upstream bug.

--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
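
The ownership mistake described in the message above, modeled as an added example that is not part of the original thread and is not MIT Kerberos or pam-krb5 code. All names are hypothetical, the model assumes the callee picks a default principal when the caller passes NULL, and a fixed pool replaces the heap so a repeated release is counted instead of corrupting memory.

```c
#include <stdio.h>

/* Hypothetical stand-in for a principal; not the krb5 type. */
struct principal { const char *name; int freed; };
static struct principal pool[4];   /* fixed pool stands in for the heap */
static int used, double_frees;

static struct principal *principal_new(const char *name) {
    if (used == 4) return NULL;
    pool[used] = (struct principal){ name, 0 };
    return &pool[used++];
}

/* Marks the slot released; a repeated release is counted, not executed. */
static void principal_release(struct principal *p) {
    if (p == NULL) return;
    if (p->freed) double_frees++;
    p->freed = 1;
}

/* Buggy shape: releases `server` even when the caller passed it in. */
static int verify_buggy(struct principal *server) {
    if (!server && !(server = principal_new("host/default@EXAMPLE.TEST"))) return -1;
    principal_release(server);
    return 0;
}

/* Fixed shape: releases only the principal this function created. */
static int verify_fixed(struct principal *server) {
    struct principal *owned = server ? NULL : principal_new("host/default@EXAMPLE.TEST");
    if (server == NULL && owned == NULL) return -1;
    principal_release(owned);      /* NULL when the caller supplied one */
    return 0;
}

/* Caller may pass its own principal and always releases it; returns double releases seen. */
static int caller_double_frees(int (*verify)(struct principal *), int pass_own) {
    used = double_frees = 0;
    struct principal *mine = pass_own ? principal_new("host/client@EXAMPLE.TEST") : NULL;
    if (pass_own && mine == NULL) return -1;
    if (verify(mine) != 0) return -1;
    principal_release(mine);
    return double_frees;
}

int main(void) {
    printf("buggy: %d double release(s)\n", caller_double_frees(verify_buggy, 1));
    printf("fixed: %d double release(s)\n", caller_double_frees(verify_fixed, 1));
    return 0;
}
```

The double release only appears when the caller supplies its own principal, which matches the report that the crash depends on the keytab option being set.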